Exclusive: Users in dark about security products' effectiveness

Illustration: Aïda Amer/Axios

53% of IT security managers don't know whether the cybersecurity products they use actually work as promised, according to an upcoming survey from the Ponemon Institute and security firm AttackIQ.

Why it matters: It's a little unsettling to find out a captain has no idea if the ship is watertight.

  • Plus, if 53% seems bad, it's probably a whole lot worse. "People are more likely to say they are confident about themselves, so when you see a study showing low confidence, it’s possibly a lot worse," said Larry Ponemon, of the eponymous Institute.
  • The survey included 577 responses from IT managers.

The cybersecurity industry is good at inspiring a lack of faith in the cybersecurity industry.

  • Buzz words bandied about in slogans frequently generate as much skepticism as they do enthusiasm. The notion of snake oil products has been so pervasive that companies now advertise around it.
  • "You sometimes see companies market their products to the threat of the day but not adapt the tool," says Kiersten Todt, managing director of the Cyber Readiness Institute.

To be sure: Many cybersecurity tools are pretty good at what they do. The problem is that the function of security products is a black box — users can't see the gears turning to verify that a tool works or that they are using it properly.

  • "There’s been no methodical approach to check if a product is working as intended," said Chris Kennedy, chief information security officer at study sponsor AttackIQ, which sells products to simulate attacks.

The bottom line: In a better world, security products would inspire more confidence from the people who use them — especially given the cost of cybersecurity.

"Do you have confidence in your door locks?" Kennedy. says. "Put millions of dollars in investment into them, then, yeah, you should have confidence in the product."

What's next

U.S. delays impending China tariffs on some products until December

Shipping containers from China and Asia are unloaded at the Long Beach port, California. Photo: Mark Ralston/AFP/Getty Images

The impending 10% tariffs on $300 billion worth of Chinese imports targeted by President Trump in the trade war will be delayed from Sept. 1 to Dec. 15 for certain products, the Office of the U.S. Trade Representative announced Tuesday. Certain products will also be taken off the list based on "health, safety, national security and other factors."

Why it matters: The delay — for items like cellphones, laptops, video game consoles, certain toys, computer monitors, and certain items of footwear and clothing — will help accommodate the holiday rush to ship products from China, easing the financial burden on U.S. importers. The Dow spiked 2% on the news, with the share price of companies like Apple, Best Buy, Dollar Tree, Hasbro and Gap leading the surge.

Go deeperArrowAug 13, 2019 - Business

Democratic caucuses' phone-in plan opens new risks

Illustration: Rebecca Zisser/Axios

Democrats in Iowa and Nevada want to boost participation in their 2020 caucuses by opening them up to telephone voting. Hacking-spooked Democrats have worked to protect the process from interference, but some experts still see notable risks.

Why it matters: Security concerns have long troubled digital voting systems. Many of the same problems with online voting carry over to telephone voting.

The tweets of August

Illustration: Sarah Grillo/Axios

President Trump may not intend to launch the 2nd Cold War, but his tweets on Friday laid out one path to get there.

Why it matters: The president is using Twitter to demand a conscious uncoupling of the world's two largest economies.

Go deeperArrowAug 23, 2019 - Politics